Last-minute presentations:

10:40 - 11:10 Brazil: land of plentiful bankers, Dmitry Bestuzhev, Kaspersky Lab
11:10 - 11:40 iPhone v3 malware vector, Marius van Oers, McAfee

10:40 - 11:10 Brazil: land of plentiful bankers, Dmitry Bestuzhev, Kaspersky Lab

Anyone who has analysed the code of malicious programs designed to steal users' banking information will probably agree that Brazil is one of the most active countries and the source of the largest number of so-called banking trojans. Why is Brazil the leader when it comes to creating this type of malware? Who is behind these crimes, and what is a typical cybercriminal like?

Certain social aspects of the country are among the factors which encourage the growth of such crimes. What are the connections between Delphi, the programming language in which the majority of samples are written, the cybercriminals and the social factors that surround them?

The biggest banks in Brazil are Banco do Brasil, with a total of 7,900,000 online banking clients; Bradesco, with 6,900,000 online banking clients; Itaú, with 4,200,000 online banking clients; and Caixa, with 3,690,000 online banking clients. How do these banks ensure that client transactions are secure? Often a special plug-in, G-Buster, has to be installed before a client can access the bank's main page; this plug-in is designed to prevent malicious code from running on the client machine while authorization is being performed or a transaction is being made. What additional security mechanisms are used? How do cybercriminals combat these mechanisms? Several examples will be given of the methods used by cybercriminals.

Which social networking sites are commonly used by virus writers to steal banking data? Which malicious programs that are not, strictly speaking, banking trojans, are used to steal money? Where is stolen data stored and in what form? Which bank's clients suffer from the greatest number of attacks and why? And finally, taking a look beyond the official explanations, who's actually behind the Brazilian bankers, and where does the money go?

This presentation answers the questions above, and many others. All information in the presentation was collected in the course of personal research while living in Latin America.

11:10 - 11:40 iPhone v3 malware vector, Marius van Oers, McAfee

The Apple iPhone is very popular and is available globally. With the appearance of v3 of the iPhone OS, many powerful new features have been added.

It was already possible to access the AddressBook from the Apple iPhone SDK. Now, with the recently released v3.0b, it is also possible to create (HTML) email messages, set the Subject and the TO/CC/BCC recipients, and even include file attachments.

It is now also possible to query the network configuration and/or check whether a certain target host would be reachable.

Malware might abuse those combined features.

This paper takes a look at the new features that have been added in iPhone OS 3 and the possible new malware attack vectors that could arise from them.

